The All-Seeing Eye: A Massive-Multi-Sensor Zero-Configuration Intrusion Detection System for Web Applications

TL;DR

This paper introduces a large-scale, zero-configuration intrusion detection system for web applications that leverages numerous sensors to effectively identify timing and brute-force attacks without prior system knowledge.

Contribution

It proposes a novel massive-multi-sensor approach that automatically inserts sensors into web apps and frameworks, enabling high-accuracy detection of sophisticated attacks without configuration.

Findings

Detects timing and brute-force attacks with increased accuracy

Operates without system-specific knowledge

Automatically inserts sensors into web applications

Abstract

Timing attacks are a challenge for current intrusion detection solutions. Timing attacks are dangerous for web applications because they may leak information about side channel vulnerabilities. This paper presents a massive-multi-sensor zero-configuration Intrusion Detection System that is especially good at detecting timing attacks. Unlike current solutions, the proposed Intrusion Detection System uses a huge number of sensors for attack detection. These sensors include sensors automatically inserted into web application or into the frameworks used to build web applications. With this approach the Intrusion Detection System is able to detect sophisticated attacks like timing attacks or other brute-force attacks with increased accuracy. The proposed massive-multi-sensor zero-configuration intrusion detection system does not need specific knowledge about the system to protect, hence it offers zero-configuration capability.